[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #228186 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Jan 10 12:14:03 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, January 10, 2026 12:13:53 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #228186 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 228186

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  49754400      165848        17.3%   142.250.181.174
  26793000       89310         9.3%      23.41.187.31
  26767200       89224         9.3%       23.41.187.5
  16676700       55589         5.8%    199.232.82.172
  14605200       48684         5.1%   151.101.242.172
  12738600       42462         4.4%     162.125.69.14
   4243800       14146         1.5%   142.251.140.106
   3713400       12378         1.3%    57.144.248.192
   3547200       11824         1.2%     20.209.177.33
   2641200        8804         0.9%     93.123.17.252

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  15552600       51842         5.4%    132.73.124.72
  14436000       48120         5.0%   192.114.23.221
  12824700       42749         4.5%     132.73.124.8
  12108300       40361         4.2%     132.76.61.53
  11491200       38304         4.0%    132.73.124.68
   8226000       27420         2.9%   132.73.124.236
   8185800       27286         2.8%    132.73.124.48
   7297200       24324         2.5%   132.73.124.152
   6495000       21650         2.3%   199.232.82.172
   5926200       19754         2.1%   132.73.124.216

Top-10 Possible Targets by Bytes:
           Src IP   Src Port          Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  142.250.181.174                                           71844924600
  142.250.181.174        443                                71844751800
     23.41.187.31        443                                40072972500
     23.41.187.31                                           40072972500
      23.41.187.5        443                                40048480800
      23.41.187.5                                           40048480800
   199.232.82.172                                           23671144500
   199.232.82.172        443                                22473631500
                               132.73.124.72                21920241000
                         443   132.73.124.72                21918765900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-01-10 10:13:44
End Time: ongoing

First Event Seen: 2026-01-10 10:11:00
Last Event Seen: 2026-01-10 10:12:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/228186/

More information about the Nemo-ddos-list mailing list